To hear Edward Snowden tell it, the secret program that finally drove the former National Security Agency contractor to leak sensitive documents would have allowed the U.S. to retaliate automatically against foreign cyberattacks.

But MonsterMind, as Snowden says the project was called, would face one big hurdle: The White House and Pentagon are not believed to have decided when the U.S. can strike back in cyberspace.

So even if NSA figures out how to build the digital equivalent of a second-strike missile system, it’s unlikely to be able to use it, two former U.S. officials familiar with American cyber policy said. One of those former officials said it’s a safe bet NSA technologists are at least “thinking” about such a system.

In an interview with Wired, Snowden said the automated MonsterMind program wouldn’t just stop incoming cyberattacks, but launch retaliatory ones as well.

State-backed computer attacks could range from knocking a foreign server offline to bringing a nuclear facility to a standstill.

Identifying the enemy can be tricky in cyberwar. Many attacks are launched from hacked computers, sometimes inside the U.S. Chinese hackers, for example, have hit American targets using machines owned by U.S. state governments, according to federal documents and U.S. officials.

In 2012, President Obama signed a classified directive – since leaked by Snowden – offering vague guidelines on when the Defense Department can launch cyberattacks. Offensive cyber operations with “significant consequences” each require president approval, according to the directive. The document allows for emergency responses to “imminent” and “ongoing” attacks, but requires that these efforts “are reasonably likely not to result in significant consequences.”

The process of launching a cyberattack is “not fast,” said Richard Clarke, a former White House cybersecurity official. “There’s a bunch of humans in the loop and a bunch of lawyers in the loop.”

Of course, U.S. intelligence agencies have not always limited themselves to narrow interpretations of what’s legal.

Much of the hand-wringing about launching a cyberattack, Clarke said, involves thinking through potential collateral damage, such as damage to computers owned by innocent people but controlled by foreign hackers. An automated response would require giving the NSA blanket authority to strike back in certain instances, he said.

“That doesn’t mean they’re not developing the capability,” Clarke said of the agency. If the President and Pentagon were to agree on the policy, “they don’t want to say, ‘Let me take two years to develop it.’ ”